package cn.tedu._08security.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/api/")
public class UserController {
    @GetMapping("public/hello")
    public String helloPublic(){
        return "helloPublic";
    }

    /**
     * PreAuthorize注解：
     * 1.指定拥有sys：private：view权限的用户才可以正常访问此方法
     * 2.先认证【输入用户名和密码】，再鉴权【检查用户的权限】
     * @return
     */
    @PreAuthorize("hasAuthority('sys:private:view')")
    @GetMapping("private/hello")
    public String helloPrivate(){
        return "helloPrivate";
    }

}
